changed tab spacing from 8 to 4

[strongswan.git] / src / openac / build.c

/* Build a X.509 attribute certificate
 * Copyright (C) 2002  Ueli Galizzi, Ariane Seiler
 * Copyright (C) 2004  Andreas Steffen
 * Zuercher Hochschule Winterthur, Switzerland
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 *
 * RCSID $Id: build.c,v 1.14 2005/09/06 11:47:57 as Exp $
 */

#include <stdlib.h>
#include <string.h>

#include <freeswan.h>

#include "../pluto/constants.h"
#include "../pluto/defs.h"
#include "../pluto/oid.h"
#include "../pluto/asn1.h"
#include "../pluto/x509.h"
#include "../pluto/log.h"

#include "build.h"

static u_char ASN1_group_oid_str[] = {
        0x06, 0x08,
                  0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0a ,0x04
};

static const chunk_t ASN1_group_oid = strchunk(ASN1_group_oid_str);

static u_char ASN1_authorityKeyIdentifier_oid_str[] = {
        0x06, 0x03,
                  0x55, 0x1d, 0x23
};

static const chunk_t ASN1_authorityKeyIdentifier_oid
          = strchunk(ASN1_authorityKeyIdentifier_oid_str);

static u_char ASN1_noRevAvail_ext_str[] = {
        0x30, 0x09,
                  0x06, 0x03,
                                0x55, 0x1d, 0x38,
                  0x04, 0x02,
                                0x05, 0x00
};

static const chunk_t ASN1_noRevAvail_ext = strchunk(ASN1_noRevAvail_ext_str);

/**
 * build directoryName
 */
static chunk_t build_directoryName(asn1_t tag, chunk_t name)
{
        return asn1_wrap(tag, "m",
                                asn1_simple_object(ASN1_CONTEXT_C_4, name));
}

/**
 * build holder
 */
static chunk_t build_holder(void)
{
        return asn1_wrap(ASN1_SEQUENCE, "mm",
                                asn1_wrap(ASN1_CONTEXT_C_0, "mm",
                                        build_directoryName(ASN1_SEQUENCE, user->issuer),
                                        asn1_simple_object(ASN1_INTEGER, user->serialNumber)
                                ),
                                build_directoryName(ASN1_CONTEXT_C_1, user->subject));
}

/**
 * build v2Form
 */
static chunk_t build_v2_form(void)
{
        return asn1_wrap(ASN1_CONTEXT_C_0, "m",
                                build_directoryName(ASN1_SEQUENCE, signer->subject));
}

/**
 * build attrCertValidityPeriod
 */
static chunk_t build_attr_cert_validity(void)
{
        return asn1_wrap(ASN1_SEQUENCE, "mm",
                                timetoasn1(&notBefore, ASN1_GENERALIZEDTIME),
                                timetoasn1(&notAfter,  ASN1_GENERALIZEDTIME));
}

/**
 * build attributes
 */
static chunk_t build_ietfAttributes(ietfAttrList_t *list)
{
        chunk_t ietfAttributes;
        ietfAttrList_t *item = list;
        size_t size = 0;
        u_char *pos;

        /* precalculate the total size of all values */
        while (item != NULL)
        {
                size_t len = item->attr->value.len;

                size += 1 + (len > 0) + (len >= 128) + (len >= 256) + (len >= 65536) + len;
                item = item->next;
        }
        pos = build_asn1_object(&ietfAttributes, ASN1_SEQUENCE, size);

        while (list != NULL)
        {
                ietfAttr_t *attr = list->attr;
                asn1_t type = ASN1_NULL;

                switch (attr->kind)
                {
                        case IETF_ATTRIBUTE_OCTETS:
                                type = ASN1_OCTET_STRING;
                                break;
                        case IETF_ATTRIBUTE_STRING:
                                type = ASN1_UTF8STRING;
                                break;
                        case IETF_ATTRIBUTE_OID:
                                type = ASN1_OID;
                                break;
                }
                mv_chunk(&pos, asn1_simple_object(type, attr->value));

                list = list->next;
        }

        return asn1_wrap(ASN1_SEQUENCE, "m", ietfAttributes);
}

/**
 * build attribute type
 */
static chunk_t build_attribute_type(const chunk_t type, chunk_t content)
{
        return asn1_wrap(ASN1_SEQUENCE, "cm",
                                type,
                                asn1_wrap(ASN1_SET, "m", content));
}

/**
 * build attributes
 */
static chunk_t build_attributes(void)
{
        return asn1_wrap(ASN1_SEQUENCE, "m",
                                build_attribute_type(ASN1_group_oid,
                                        build_ietfAttributes(groups)));
}

/**
 * build authorityKeyIdentifier
 */
static chunk_t build_authorityKeyID(x509cert_t *signer)
{
        chunk_t keyIdentifier = (signer->subjectKeyID.ptr == NULL)
                                ? empty_chunk
                                : asn1_simple_object(ASN1_CONTEXT_S_0,
                                                signer->subjectKeyID);

        chunk_t authorityCertIssuer = build_directoryName(ASN1_CONTEXT_C_1,
                                                signer->issuer);

        chunk_t authorityCertSerialNumber = asn1_simple_object(ASN1_CONTEXT_S_2,
                                                signer->serialNumber);

        return asn1_wrap(ASN1_SEQUENCE, "cm",
                                ASN1_authorityKeyIdentifier_oid,
                                asn1_wrap(ASN1_OCTET_STRING, "m",
                                        asn1_wrap(ASN1_SEQUENCE, "mmm",
                                                keyIdentifier,
                                                authorityCertIssuer,
                                                authorityCertSerialNumber
                                        )
                                )
                   );
}

/**
 * build extensions
 */
static chunk_t build_extensions(void)
{
        return asn1_wrap(ASN1_SEQUENCE, "mc",
                                build_authorityKeyID(signer),
                                ASN1_noRevAvail_ext);
}

/**
 * build attributeCertificateInfo
 */
static chunk_t build_attr_cert_info(void)
{
        return asn1_wrap(ASN1_SEQUENCE, "cmmcmmmm",
                                ASN1_INTEGER_1,
                                build_holder(),
                                build_v2_form(),
                                ASN1_sha1WithRSA_id,
                                asn1_simple_object(ASN1_INTEGER, serial),
                                build_attr_cert_validity(),
                                build_attributes(),
                                build_extensions());
}

/**
 * build an X.509 attribute certificate
 */
chunk_t build_attr_cert(void)
{
        chunk_t attributeCertificateInfo = build_attr_cert_info();
        chunk_t signatureValue = pkcs1_build_signature(attributeCertificateInfo,
                                                                OID_SHA1, signerkey, TRUE);

        return asn1_wrap(ASN1_SEQUENCE, "mcm",
                                attributeCertificateInfo,
                                ASN1_sha1WithRSA_id,
                                signatureValue);
}